CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2025-1316 CRITICAL KEV
Edimax IC-7100 Firmware - Remote Code Execution via Crafted Requests
CVSS 9.8
CVE-2025-26320 MEDIUM
t0mer BroadlinkManager < 5.9.1 - OS Command Injection via IP Address Parameter
CVSS 6.5
CVE-2025-1829 MEDIUM
TOTOLINK X18 9.1.0cu.2024_B20220329 - Code Injection
CVSS 6.3
CVE-2025-1819 MEDIUM
Tenda AC7 1200M <15.03.06.44 - Command Injection
CVSS 6.3
CVE-2025-20161 MEDIUM
Cisco Nexus 3000/9000 - Command Injection
CVSS 5.1
CVE-2025-1676 MEDIUM
hzmanyun Education and Training System 3.1.1 - OS Command Injection via pdf2swf File Parameter
CVSS 6.3
CVE-2025-27140 CRITICAL
WeGIA < 3.2.15 - OS Command Injection via importar_dump.php Endpoint
CVSS 9.8
CVE-2025-27364 CRITICAL
MITRE Caldera <5.0.0 before 35bc06e - RCE
CVSS 10.0
CVE-2025-22495 HIGH
Network-M2 <3.0.4 - Privilege Escalation
CVSS 8.4
CVE-2025-1616 MEDIUM
FiberHome AN5506-01A ONU GPON RP2511 - OS Command Injection via Diagnosis Destination Address
CVSS 4.7
CVE-2025-1610 MEDIUM
LB-LINK AC1900 Router 1.0.2 - OS Command Injection via set_blacklist mac/enable Parameter
CVSS 6.3
CVE-2025-1609 MEDIUM
LB-LINK AC1900 Router 1.0.2 - OS Command Injection via websGetVar Function
CVSS 6.3
CVE-2025-1608 MEDIUM
LB-LINK AC1900 Router 1.0.2 - OS Command Injection via routepwd Parameter
CVSS 6.3
CVE-2025-27106 HIGH
binance-trading-bot - Command Injection
CVSS 8.8
CVE-2025-1546 HIGH
BDCOM Behavior Management and Auditing System <20250210 - Code Inje...
CVSS 7.3
CVE-2025-1536 HIGH
Raisecom Multi-Service Intelligent Gateway <20250208 - Code Injection
CVSS 7.3
CVE-2025-1265 CRITICAL
Vinci Protocol Analyzer - Command Injection
CVSS 9.9
CVE-2025-26856 HIGH
UD-LT2 firmware <1.00.008_SE - Command Injection
CVSS 7.2
CVE-2025-25895 HIGH
D-Link DSL-3782 Firmware 1.01 - OS Command Injection via public_type Parameter
CVSS 8.0
CVE-2025-25894 HIGH
D-Link DSL-3782 v1.01 - OS Command Injection via samba_wg and samba_nbn Parameters
CVSS 8.0
CVE-2025-25893 HIGH
D-Link DSL-3782 v1.01 - OS Command Injection via inIP, insPort, inePort, exsPort, exePort, and protocol Parameters
CVSS 8.0
CVE-2025-26613 CRITICAL
WeGIA < 3.2.14 - OS Command Injection via gerenciar_backup.php Endpoint
CVSS 9.8
CVE-2025-1370 MEDIUM
MicroWorld eScan Antivirus 7.0.32 - OS Command Injection via Autoscan USB epsdaemon sprintf
CVSS 5.3
CVE-2025-1369 MEDIUM
eScan Antivirus 7.0.32 - OS Command Injection in USB Password Handler
CVSS 4.5
CVE-2025-1339 MEDIUM
TOTOLINK X18 9.1.0cu.2024_B20220329 - OS Command Injection via setL2tpdConfig enable Parameter
CVSS 6.3